adrien/ansible-role-kubernetes
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Update for falco
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse source
This commit is contained in:
Adrien Reslinger 2021-06-05 10:51:19 +02:00
parent d18ccea770
commit 738896b356
Signed by: adrien
GPG key ID: DA7B27055C66D6DE
3 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tasks/cluster_kubeadm.yml
View file

@ -136,6 +136,7 @@
mode: 0644 mode: 0644
with_items: with_items:
- "systemd/system/kubelet.service.d/0-kubelet-extra-args.conf" - "systemd/system/kubelet.service.d/0-kubelet-extra-args.conf"
- "systemd/system/kubelet.service.d/11-cgroups.conf"
- "sysconfig/kubelet" - "sysconfig/kubelet"
when: when:
- ansible_service_mgr == "systemd" - ansible_service_mgr == "systemd"

6
templates/etc/kubernetes/audit-webhook-kubeconfig.j2
View file

@ -1,9 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: Config kind: Config
clusters: clusters:
- cluster: - name: falco
server: http://<ip_of_falco>:8765/k8s_audit cluster:
name: falco server: http://$FALCO_SERVICE_CLUSTERIP:8765/k8s-audit
contexts: contexts:
- context: - context:
cluster: falco cluster: falco

2
templates/kubeadm-config.yaml.j2
View file

@ -69,8 +69,8 @@ apiServer:
audit-log-maxsize: "100" audit-log-maxsize: "100"
{% if false %} {% if false %}
# Falco # Falco
audit-policy-file: "/etc/kubernetes/policies/k8s_audit_rules.yaml"
audit-webhook-config-file: "/etc/kubernetes/policies/audit-webhook-kubeconfig" audit-webhook-config-file: "/etc/kubernetes/policies/audit-webhook-kubeconfig"
audit-webhook-batch-max-wait: "5s"
{% endif %} {% endif %}
extraVolumes: extraVolumes:
- name: "audit-log" - name: "audit-log"